[SRU][Trusty][Bionic][PATCH 0/1] Fix for CVE-2018-16276

Kleber Sacilotto de Souza kleber.souza at canonical.com
Fri Nov 9 14:33:24 UTC 2018


 It was discovered that the YUREX USB device driver for the Linux kernel did
 not properly restrict user space reads or writes. A physically proximate
 attacker could use this to cause a denial of service (system crash) or
 possibly execute arbitrary code.

Clean cherry-pick for Bionic, simple backport for Trusty only for
context adjustment.

Jann Horn (1):
  USB: yurex: fix out-of-bounds uaccess in read handler

 drivers/usb/misc/yurex.c | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)


More information about the kernel-team mailing list